Update (#20)

composer.json

@@ -8,7 +8,7 @@
  "php": "^8.1",
  "guzzlehttp/guzzle": "^7.2",
  "laravel/framework": "^10.10",
- "laravel/sanctum": "^3.2",
+ "laravel/sanctum": "^3.3",
  "laravel/tinker": "^2.8"
  },
  "require-dev": {
@@ -45,7 +45,7 @@
  ],
  "post-create-project-cmd": [
  "@php artisan key:generate --ansi"
- ],
+],
  "setup": [
  "composer install",
  "php -r \"file_exists('.env') || copy('.env.example', '.env');\"",

config/app.php

@@ -141,7 +141,7 @@
 
  'maintenance' => [
  'driver' => 'file',
- // 'store'  => 'redis',
+ // 'store' => 'redis',
  ],
 
  /*

config/hashing.php

@@ -29,7 +29,8 @@
  */
 
  'bcrypt' => [
- 'rounds' => env('BCRYPT_ROUNDS', 10),
+ 'rounds' => env('BCRYPT_ROUNDS', 12),
+ 'verify' => true,
  ],
 
  /*
@@ -47,6 +48,7 @@
  'memory' => 65536,
  'threads' => 1,
  'time' => 4,
+ 'verify' => true,
  ],
 
 ];

config/mail.php

@@ -29,7 +29,7 @@
  | mailers below. You are free to add additional mailers as required.
  |
  | Supported: "smtp", "sendmail", "mailgun", "ses", "ses-v2",
- | "postmark", "log", "array", "failover"
+ | "postmark", "log", "array", "failover", "roundrobin"
  |
  */
 
@@ -50,15 +50,16 @@
  'transport' => 'ses',
  ],
 
- 'mailgun' => [
- 'transport' => 'mailgun',
+ 'postmark' => [
+ 'transport' => 'postmark',
+ // 'message_stream_id' => null,
  // 'client' => [
  // 'timeout' => 5,
  // ],
  ],
 
- 'postmark' => [
- 'transport' => 'postmark',
+ 'mailgun' => [
+ 'transport' => 'mailgun',
  // 'client' => [
  // 'timeout' => 5,
  // ],
@@ -85,6 +86,14 @@
  'log',
  ],
  ],
+
+ 'roundrobin' => [
+ 'transport' => 'roundrobin',
+ 'mailers' => [
+ 'ses',
+ 'postmark',
+ ],
+ ],
  ],
 
  /*

config/sanctum.php

@@ -41,13 +41,28 @@
  |--------------------------------------------------------------------------
  |
  | This value controls the number of minutes until an issued token will be
- | considered expired. If this value is null, personal access tokens do
- | not expire. This won't tweak the lifetime of first-party sessions.
+ | considered expired. This will override any values set in the token's
+ | "expires_at" attribute, but first-party sessions are not affected.
  |
  */
 
  'expiration' => null,
 
+ /*
+ |--------------------------------------------------------------------------
+ | Token Prefix
+ |--------------------------------------------------------------------------
+ |
+ | Sanctum can prefix new tokens in order to take advantage of numerous
+ | security scanning initiatives maintained by open source platforms
+ | that notify developers if they commit tokens into repositories.
+ |
+ | See: https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
+ |
+ */
+
+ 'token_prefix' => env('SANCTUM_TOKEN_PREFIX', ''),
+
  /*
  |--------------------------------------------------------------------------
  | Sanctum Middleware
@@ -60,8 +75,9 @@
  */
 
  'middleware' => [
- 'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
+ 'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,
  'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
+ 'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
  ],
 
 ];

config/session.php

@@ -198,4 +198,17 @@
 
  'same_site' => 'lax',
 
+ /*
+ |--------------------------------------------------------------------------
+ | Partitioned Cookies
+ |--------------------------------------------------------------------------
+ |
+ | Setting this value to true will tie the cookie to the top-level site for
+ | a cross-site context. Partitioned cookies are accepted by the browser
+ | when flagged "secure" and the Same-Site attribute is set to "none".
+ |
+ */
+
+ 'partitioned' => false,
+
 ];

database/factories/UserFactory.php

@@ -3,13 +3,19 @@
 namespace Database\Factories;
 
 use Illuminate\Database\Eloquent\Factories\Factory;
+use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Str;
 
 /**
  * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\User>
  */
 class UserFactory extends Factory
 {
+ /**
+ * The current password being used by the factory.
+ */
+ protected static ?string $password;
+
  /**
  * Define the model's default state.
  *
@@ -21,7 +27,7 @@ public function definition(): array
  'name' => fake()->name(),
  'email' => fake()->unique()->safeEmail(),
  'email_verified_at' => now(),
- 'password' => '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi', // password
+ 'password' => static::$password ??= Hash::make('password'),
  'remember_token' => Str::random(10),
  ];
  }